Okta

PADS4 allows integration with Okta to streamline user authentication and management. This is accomplished through the Credentials interface in PADS4 CTRL Center. Follow the steps below to connect your Okta instance:

​

1. Accessing the PADS4 CTRL Center

To begin:

• Open your web browser.
• Navigate to the PADS4 server URL (either a DNS name or IP address).
• Log in using an Administrator account.

Once logged in:

• Click on Dashboard.
• Use the Toggle Sidebar button at the top-right of the screen.
• Navigate to Credentials.
• Then select Providers.

​

2. Create the Okta application

To configure an Okta identity provider, you will need to connect to Okta as an Administrator and create a new okta app integration.

• On Okta, go to Applications page
• Click on “Create App Integration”

• Select “SAML 2.0” sign-in method and click “Next”

• Fill in the information requested in the from and click “Next”

For example:

• Name: PADS4

​

3. Setup SAML 2.0 configuration

• Edit the SAML Settings configuration

• Single sign-on URL:
  • local pads4 url with /rdx/nds.services.authentication.integration/api/v1/pads/Saml2/Acs
  • For example: https://pads4.mycompany.com/rdx/nds.services.authentication.integration/api/v1/pads/Saml2/Acs
• Audience URI (SP Entity ID):
  • local pads4 url with /saml 
  • For example: https://pads4.mycompany.com/saml

​

4. Attributes & claims

• Edit the attributes and claims to match the values below

• For the group attribute, please follow the configuraton below and ensure the filter is set on the “Matches regex” option.

• Click on the “Next” button
• Then click on the “Finish” button to create the app integration

​

5. Assign user groups to the application

To define which user groups will have access to the application, you will need to assign the expected user groups to the application.

• On the application you just created, on the top menu, click on the “Assignments” item
• Click on the “Assign” button and then click on “Assign to groups”

• Click “Assign” on any groups you want to assign to the application and click on “Done”

​

6. Collection configuration data required for creating the identity provider in PADS4

In order to create the identity provider in PADS4, you will need to collect some information on your newly created Okta Entra identity provider that will allow you to configure the provider in PADS4.  For this you will need to click on the “Sign On” tab of your created app and follow the instructions below:

• Go to the “Sign On” app
• On the SAML 2.0 panel, click on the “More details” button
• Collect the following information:

​

7. Configuring the provider in PADS4

With the information configurated and retrieved above you will be able to configurate the Okta integration in PADS4.

• Login to the PADS4 Web Portal of your PADS4 instance with an account that has atleast the PADS4 System Management license.
• On the Dashboard open the left menu and browse to “Credentials” at the bottom left.
• Now click on “Providers” followed by “New”

• Open the Okta configuration menu

Fill in the information as follows:

• Name: Represent the name of your provider in PADS4 (can be any value)
• Indentifier: Represent the “Issuer” value collected in step 6.
• Reply URL: Represent your local pads4 FQDN
  • Example: https://pads4.mycompany.com
• Metadata URL: Represent the “Metadata URL” collected in step 6
• Indentifier and Assertion Consumer Service URL will be filled in automatically.

Now go to step 2 to upload the certificates required:

• Provider signing certificate: Upload the Okta signing certificate retrieved in step 6.
• Certificate from/for “domainone”: Upload any certificate (.PFX) you want to sign assertions from PADS4 to the external identity provider.
• Private key password: Fill in the password that relates to the PFX certificate used above.